Rails - May 2009 - how hidden field

Dear all,


i wrote script in view like this,
<% form_for :seq do |form| %>
     <fieldset>
      <legend>Source Information</legend>
        <div class="form_row">
          <label for="seq_id">User ID </label>
          <%= form.text_field  :user_id, :value => session
[:user_id],:size=>10 %>
        </div>
   </fieldset>
 <% end %>

and i want hide this field to user but i want value= session[:user_id]
to  insert database automatically
how i do?
thank you

Change form.text_field for form.hidden_field, see
http://api.rubyonrails.org/classes/ActionView/Helpers/FormHelper.html
for more options.

Regards.

Franco Catena.

On May 6, 4:16 am, "pleb...-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org"
<pleb...-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
wrote:
> Dear all,
>
> i wrote script in view like this,
> <% form_for :seq do |form| %>
>      <fieldset>
>       <legend>Source Information</legend>
>         <div class="form_row">
>           <label for="seq_id">User ID </label>
>           <%= form.text_field  :user_id, :value => session
> [:user_id],:size=>10 %>
>         </div>
>    </fieldset>
>  <% end %>
>
> and i want hide this field to user but i want value= session[:user_id]
> to  insert database automatically
> how i do?
> thank you

Just make sure you don''t create a security hole where a "bad
user"
could change the hidden user_id to create problems for the
application.

On May 6, 12:16 am, "pleb...-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org"
<pleb...-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
wrote:
> Dear all,
>
> i wrote script in view like this,
> <% form_for :seq do |form| %>
>      <fieldset>
>       <legend>Source Information</legend>
>         <div class="form_row">
>           <label for="seq_id">User ID </label>
>           <%= form.text_field  :user_id, :value => session
> [:user_id],:size=>10 %>
>         </div>
>    </fieldset>
>  <% end %>
>
> and i want hide this field to user but i want value= session[:user_id]
> to  insert database automatically
> how i do?
> thank you

thank you so much
i use form.hidden_field .it''s work
-_-

2009/5/6 Brendon <brendon-gi94QSVkwfGt/hvpvFFPbQ@public.gmane.org>
>
> Just make sure you don''t create a security hole where a "bad
user"
> could change the hidden user_id to create problems for the
> application.
>
> On May 6, 12:16 am,
"pleb...-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org"
<pleb...-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:
> > Dear all,
> >
> > i wrote script in view like this,
> > <% form_for :seq do |form| %>
> >      <fieldset>
> >       <legend>Source Information</legend>
> >         <div class="form_row">
> >           <label for="seq_id">User ID </label>
> >           <%= form.text_field  :user_id, :value => session
> > [:user_id],:size=>10 %>
> >         </div>
> >    </fieldset>
> >  <% end %>
> >
> > and i want hide this field to user but i want value= session[:user_id]
> > to  insert database automatically
> > how i do?
> > thank you
> >
>
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en
-~----------~----~----~----~------~----~------~--~---

Just as long as you know that users can EASILY change values you put
into hidden fields... so If they can mess up the system, somebody
will.

If you need to protect against that (and don''t want to store this
stuff in the session which is where I''d put it) then ALSO include a
hash of the hidden value + a secret value to protect against changes.

Brendon.

On May 6, 9:36 pm, thitima panyayai
<pleb...-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
wrote:
> thank you so much
> i use form.hidden_field .it''s work
> -_-
>
> 2009/5/6 Brendon <bren...-gi94QSVkwfGt/hvpvFFPbQ@public.gmane.org>
>
>
>
> > Just make sure you don''t create a security hole where a
"bad user"
> > could change the hidden user_id to create problems for the
> > application.
>
> > On May 6, 12:16 am,
"pleb...-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org"
<pleb...-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:
> > > Dear all,
>
> > > i wrote script in view like this,
> > > <% form_for :seq do |form| %>
> > >      <fieldset>
> > >       <legend>Source Information</legend>
> > >         <div class="form_row">
> > >           <label for="seq_id">User ID
</label>
> > >           <%= form.text_field  :user_id, :value => session
> > > [:user_id],:size=>10 %>
> > >         </div>
> > >    </fieldset>
> > >  <% end %>
>
> > > and i want hide this field to user but i want value=
session[:user_id]
> > > to  insert database automatically
> > > how i do?
> > > thank you